draft-ietf-rap-frameworkpib-01.txt   draft-ietf-rap-frameworkpib-02.txt 
Network Working Group M. Fine Network Working Group M. Fine
Internet Draft K. McCloghrie Internet Draft K. McCloghrie
Expires January 2001 Cisco Systems Expires March 2001 Cisco Systems
J. Seligson J. Seligson
K. Chan K. Chan
Nortel Networks Nortel Networks
S. Hahn S. Hahn
R. Sahita R. Sahita
Intel Intel
A. Smith A. Smith
No Affiliation No Affiliation
Francis Reichmeyer Francis Reichmeyer
IPHighway PFN
July 14, 2000 September 19, 2000
Framework Policy Information Base Framework Policy Information Base
draft-ietf-rap-frameworkpib-01.txt draft-ietf-rap-frameworkpib-02.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are all provisions of Section 10 of RFC2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as ''work in reference material or to cite them other than as ''work in
progress''. progress''.
To view the current status of any Internet-Draft, please check the To view the current status of any Internet-Draft, please check the
''1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow ''1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow
Directory, see http://www.ietf.org/shadow.html. Directory, see http://www.ietf.org/shadow.html.
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
1. Glossary 1. Glossary
PRC Policy Rule Class. A type of policy data. PRC Provisioning Class. A type of policy data.
PRI Policy Rule Instance. An instance of a PRC. PRI Provisioning Instance. An instance of a PRC.
PIB Policy Information Base. The database of policy information. PIB Policy Information Base. The database of policy information.
PDP Policy Decision Point. See [RAP-FRAMEWORK]. PDP Policy Decision Point. See [RAP-FRAMEWORK].
PEP Policy Enforcement Point. See [RAP-FRAMEWORK]. PEP Policy Enforcement Point. See [RAP-FRAMEWORK].
PRID Policy Rule Instance Identifier. Uniquely identifies an PRID Provisioning Instance Identifier. Uniquely identifies an
instance of a PRC. instance of a PRC.
2. Introduction 2. Introduction
[SPPI] describes a structure for specifying policy information that [SPPI] describes a structure for specifying policy information that
can then be transmitted to a network device for the purpose of can then be transmitted to a network device for the purpose of
configuring policy at that device. The model underlying this configuring policy at that device. The model underlying this
structure is one of well-defined policy rule classes and instances structure is one of well-defined provisioning classes and instances
of these classes residing in a virtual information store called the of these classes residing in a virtual information store called the
Policy Information Base (PIB). Policy Information Base (PIB).
One way to provision policy is by means of the COPS protocol [COPS] One way to provision policy is by means of the COPS protocol [COPS]
with the extensions for provisioning [COPS-PR]. This protocol with the extensions for provisioning [COPS-PR]. This protocol
supports multiple clients, each of which may provision policy for a supports multiple clients, each of which may provision policy for a
specific policy domain such as QoS, virtual private networks, or specific policy domain such as QoS, virtual private networks, or
security. security.
As described in [COPS-PR], each client supports a non-overlapping As described in [COPS-PR], each client supports a non-overlapping
and independent set of PIB modules. However, some policy rule and independent set of PIB modules. However, some provisioning
classes are common to all subject categories (client-types) and need classes are common to all subject-categories (client-types) and need
to be present in each. This document presents a set of PRCs that to be present in each. This document presents a set of PRCs that
are common to all clients that provision policy using COPS for are common to all clients that provision policy using COPS for
Provisioning. Provisioning.
3. General PIB Concepts 3. General PIB Concepts
3.1. Roles 3.1. Roles
The policy to apply to an interface may depend on many factors such The policy to apply to an interface may depend on many factors such
as immutable characteristics of the interface (e.g., ethernet or as immutable characteristics of the interface (e.g., ethernet or
frame relay), the status of the interface (e.g., half or full frame relay), the status of the interface (e.g., half or full
duplex), or user configuration (e.g., branch office or headquarters duplex), or user configuration (e.g., branch office or headquarters
interface). Rather than specifying policies explicitly for each interface). Rather than specifying policies explicitly for each
interface of all devices in the network, policies are specified in interface of all devices in the network, policies are specified in
terms of interface functionality. terms of interface functionality.
To describe these functionalities of an interface we use the concept To describe these functionalities of an interface we use the concept
of "roles". A role is simply a string that is associated with an of "roles". A role is simply a string that is associated with an
interface. A given interface may have any number of roles interface. A given interface may have any number of roles
simultaneously. Policy rule classes have an attribute called a simultaneously. Provisioning classes have an attribute called a
"role-combination" which is a lexicographically ordered set of "role-combination" which is a lexicographically ordered set of
roles. Instances of a given policy rule class are applied to an roles. Instances of a given provisioning class are applied to an
Framework Policy Information Base September 2000
interface if and only if the set of roles in the role combination interface if and only if the set of roles in the role combination
matches the set of the roles of the interface. matches the set of the roles of the interface.
Framework Policy Information Base July 2000
Thus, roles provide a way to bind policy to interfaces without Thus, roles provide a way to bind policy to interfaces without
having to explicitly identify interfaces in a consistent manner having to explicitly identify interfaces in a consistent manner
across all network devices. (The SNMP experience with ifIndex has across all network devices. (The SNMP experience with ifIndex has
proved this to be a difficult task.) That is, roles provide a level proved this to be a difficult task.) That is, roles provide a level
of indirection to the application of a set of policies to specific of indirection to the application of a set of policies to specific
interfaces. Furthermore, if the same policy is being applied to interfaces. Furthermore, if the same policy is being applied to
several interfaces, that policy need be pushed to the device only several interfaces, that policy need be pushed to the device only
once, rather than once per interface, as long as the interfaces are once, rather than once per interface, as long as the interfaces are
configured with the same role combination. configured with the same role combination.
skipping to change at page 4, line 5 skipping to change at page 4, line 5
specific roles, it also allows for other optimizations in reducing specific roles, it also allows for other optimizations in reducing
the number of role-combinations for which a policy has to be the number of role-combinations for which a policy has to be
specified. For example: specified. For example:
Suppose we have three interfaces: Suppose we have three interfaces:
Roles A, B and R1 are assigned to interface I1 Roles A, B and R1 are assigned to interface I1
Roles A, B and R2 are assigned to interface I2 Roles A, B and R2 are assigned to interface I2
Roles A, B and R3 are assigned to interface I3 Roles A, B and R3 are assigned to interface I3
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
Then, a PRI of the qosIfDscpAssignTable class which has the values: Then, a PRI of a fictional IfDscpAssignTable that has the following
values for its attributes:
qosIfDscpAssignPrid = 1 IfDscpAssignPrid = 1
qosIfDscpAssignRoles = "*+A+B" IfDscpAssignRoles = "*+A+B"
qosIfDscpAssignName = "4queues" IfDscpAssignName = "4queues"
qosIfDscpAssignDscpMap = 1 IfDscpAssignDscpMap = 1
will apply to all three interfaces, because "*" matches with R1, R2 will apply to all three interfaces, because "*" matches with R1, R2
and R3. and R3.
Formally, Formally,
- The wildcard role is denoted by "*", - The wildcard role is denoted by "*",
- The "*" role is not allowed to be defined as part of the role- - The "*" role is not allowed to be defined as part of the role-
combination of an interface as notified by the PEP to the PDP; it combination of an interface as notified by the PEP to the PDP; it
is only allowed in policies installed/deleted via COPS-PR from is only allowed in policies installed/deleted via COPS-PR from
the PDP to the PEP. the PDP to the PEP.
- For a policy to apply to an interface when the policy's role- - For a policy to apply to an interface when the policy's role-
combination is "*+a+b", then the interface's role-combination: combination is "*+a+b", then the interface's role-combination:
- Must include "a" and "b", and - Must include "a" and "b", and
- Can include zero or more other roles. - Can include zero or more other roles.
- The wildcard character "*" is listed before the other roles as - The wildcard character "*" is listed before the other roles as
"*" is lexicographically before "a"; however, the wildcard matches "*" is lexicographically before "a"; however, the wildcard matches
any zero or more roles, irrespective of lexicographical order. any zero or more roles, irrespective of lexicographical order.
For example: "*+b+e+g" would match "a+b+c+e+f+g" For example: "*+b+e+g" would match "a+b+c+e+f+g"
The concept and usage of roles in this document is consistent with
that specified in [POLICY]. Roles are currently under discussion in
the IETF's Policy WG; as and when that discussion reaches a
conclusion, this PIB will be updated in accordance with that
conclusion.
3.1.1. An Example 3.1.1. An Example
The functioning of roles might be best understood by an example. The functioning of roles might be best understood by an example.
Suppose I have a device with three interfaces, with roles as Suppose I have a device with three interfaces, with roles as
follows: follows:
IF1: "finance" IF1: "finance"
IF2: "finance" IF2: "finance"
IF3: "manager" IF3: "manager"
skipping to change at page 5, line 5 skipping to change at page 4, line 54
P1: Packets from finance department (role "finance") get DSCP 5 P1: Packets from finance department (role "finance") get DSCP 5
P2: Packets from managers (role "manager") get DSCP 6 P2: Packets from managers (role "manager") get DSCP 6
To obtain policy, the PEP reports to the PDP that it has some To obtain policy, the PEP reports to the PDP that it has some
interfaces with role combination "finance" and some with role interfaces with role combination "finance" and some with role
combination "manager". In response, the PDP downloads policy P1 combination "manager". In response, the PDP downloads policy P1
associated with role combination "finance" and downloads a second associated with role combination "finance" and downloads a second
policy P2 associated with role combination "manager". policy P2 associated with role combination "manager".
Framework Policy Information Base July 2000
Now suppose the finance person attached to IF2 is promoted to Now suppose the finance person attached to IF2 is promoted to
manager and so the system administrator adds the role "manager" to manager and so the system administrator adds the role "manager" to
IF2. The PEP now reports to the PDP that it has three role IF2. The PEP now reports to the PDP that it has three role
Framework Policy Information Base September 2000
combinations: some interfaces with role combination "finance", some combinations: some interfaces with role combination "finance", some
with role combination "manager" and some with role combination with role combination "manager" and some with role combination
"finance+manager". In response, the PDP downloads an additional "finance+manager". In response, the PDP downloads an additional
third policy associated with the new role combination third policy associated with the new role combination
"finance+manager". "finance+manager".
How the PDP determines the policy for this new role combination is How the PDP determines the policy for this new role combination is
entirely the responsibility of the PDP. It could do so entirely the responsibility of the PDP. It could do so
algorithmically or by rule. For example, there might be a rule that algorithmically or by rule. For example, there might be a rule that
specifies that manager policy takes preference over department specifies that manager policy takes preference over department
skipping to change at page 6, line 5 skipping to change at page 6, line 5
one being selected by the PDP. To facilitate this selection, the one being selected by the PDP. To facilitate this selection, the
Framework PIB supports an attribute to make a PIB instance the Framework PIB supports an attribute to make a PIB instance the
active one and, similarly, to report the active PIB instance to the active one and, similarly, to report the active PIB instance to the
PDP in a COPS request message. This attribute is in the Incarnation PDP in a COPS request message. This attribute is in the Incarnation
Table described below. Table described below.
Setting the attribute FrwkPibIncarnationActive to 'true' in one PIB Setting the attribute FrwkPibIncarnationActive to 'true' in one PIB
instance MUST ensure that the attribute is 'false' in all other instance MUST ensure that the attribute is 'false' in all other
contexts. contexts.
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
3.3. Reporting of Device Capabilities 3.3. Reporting of Device Capabilities
Each network device providing policy-based services has its own Each network device providing policy-based services has its own
inherent capabilities. These capabilities can be hardware specific, inherent capabilities. These capabilities can be hardware specific,
e.g., an ethernet interface supporting input classification, or can e.g., an ethernet interface supporting input classification, or can
be statically configured, e.g., supported queuing disciplines. be statically configured, e.g., supported queuing disciplines.
These capabilities are communicated to the PDP when initial policy These capabilities are communicated to the PDP when initial policy
is requested by the PEP. Knowing device capabilities, the PDP can is requested by the PEP. Knowing device capabilities, the PDP can
send the policy rule instances (PRIs) relevant to the specific send the provisioning instances (PRIs) relevant to the specific
device, rather than sending the entire PIB. device, rather than sending the entire PIB.
The PIB indicates which capabilities the PEP must report to the PDP The PIB indicates which capabilities the PEP must report to the PDP
by means of the PIB-ACCESS clause as described in [SPPI]. by means of the PIB-ACCESS clause as described in [SPPI].
3.4. Reporting of Device Limitations 3.4. Reporting of Device Limitations
To facilitate efficient policy installation, it is important to To facilitate efficient policy installation, it is important to
understand a device's limitations in relation to the advertised understand a device's limitations in relation to the advertised
device capabilities. Limitations may be class-based, e.g., an device capabilities. Limitations may be class-based, e.g., an
skipping to change at page 6, line 48 skipping to change at page 6, line 48
Reported device limitations may be accompanied by guidance values Reported device limitations may be accompanied by guidance values
that can be used by a PDP to determine acceptable values for the that can be used by a PDP to determine acceptable values for the
identified attributes. identified attributes.
4. Summary of the Framework PIB 4. Summary of the Framework PIB
The Framework PIB comprises of three groups: The Framework PIB comprises of three groups:
1. Base PIB classes Group 1. Base PIB classes Group
This contains PRCs intended to describe the classes supported This contains PRCs intended to describe the PRCs supported
by the PEP, limitations and its current configuration. by the PEP, PRC and/or attribute limitations and its current
configuration.
PRC Support Table PRC Support Table
As the technology evolves, we expect devices to be enhanced As the technology evolves, we expect devices to be enhanced
with new PIBs, existing PIBs to add new PRCs and existing PRCs with new PIBs, existing PIBs to add new PRCs and existing PRCs
to be augmented or extended with new attributes. Also, it is to be augmented or extended with new attributes. Also, it is
likely that some existing PRCs or individual attributes of PRCs likely that some existing PRCs or individual attributes of PRCs
will be deprecated. The PRC Support Table describes the PRCs will be deprecated. The PRC Support Table describes the PRCs
that the device supports as well as the individual attributes
of each PRC. Using this information the PDP can potentially
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
that the device supports as well as the individual attributes
of each PRC. Using this information the PDP can potentially
tailor the policy to more closely match the capabilities of the tailor the policy to more closely match the capabilities of the
device. The PRC Support Table instances are specific to the device. The PRC Support Table instances are specific to the
particular Subject Category (Client-Type). That is, the PRC particular Subject Category (Client-Type). That is, the PRC
Support Table for Subject Category 'A' will not include Support Table for Subject Category 'A' will not include
instances for classes supported by the Subject Category 'B'. instances for classes supported by the Subject Category 'B'.
PIB Incarnation Table PIB Incarnation Table
This table contains exactly one row (corresponding to one PRI) This table contains exactly one row (corresponding to one PRI)
per context. It identifies the PDP that was the last to per context. It identifies the PDP that was the last to
download policy into the device and also contains an identifier download policy into the device and also contains an identifier
to identify the version of the policy currently downloaded. to identify the version of the policy currently downloaded.
This identifier, both its syntax and value, is meaningful only This identifier, both its syntax and value, is meaningful only
to the PDPs. It is intended to be a mechanism whereby a PDP, to the PDPs. It is intended to be a mechanism whereby a PDP,
on connecting to a PEP, can easily identify a known incarnation on connecting to a PEP, can easily identify a known incarnation
of policy. The incarnation PRC also includes an attribute to of policy. The incarnation PRC also includes an attribute to
indicate which context is the active one at the present time. indicate which context is the active one at the present time.
Attribute Limitations Table Component Limitations Table
Some devices may not be able to implement the full range of Some devices may not be able to implement the full range of
values for all attributes. In principle, each PRC supports a values for all attributes. In principle, each PRC supports a
set of errors that the PEP can report to the PDP in the event set of errors that the PEP can report to the PDP in the event
that the specified policy is not implementable. There are two that the specified policy is not implementable. There are two
problems with this: it may be preferable for the PDP to be problems with this: it may be preferable for the PDP to be
informed of the device limitations before actually attempting informed of the device limitations before actually attempting
to install policy, and while the error can indicate that a to install policy, and while the error can indicate that a
particular attribute value is unacceptable to the PEP, this particular attribute value is unacceptable to the PEP, this
does not help the PDP ascertain which values would be does not help the PDP ascertain which values would be
acceptable. To alleviate these limitations, the PEP can report acceptable. To alleviate these limitations, the PEP can report
some limitations of attribute values in the Attribute some limitations of attribute values and/or classes in the
Limitations Table. Component Limitations Table.
Device Identification Table Device Identification Table
This class contains a single policy rule instance that contains This class contains a single provisioning instance that
device-specific information that is used to facilitate contains device-specific information that is used to facilitate
efficient policy installation by a PDP. The instance of this efficient policy installation by a PDP. The instance of this
class is reported to the PDP in a COPS request message so that class is reported to the PDP in a COPS request message so that
the PDP can take into account certain device characteristics the PDP can take into account certain device characteristics
during policy installation. during policy installation.
2. Device Capabilities group 2. Device Capabilities group
This group contains the PRCs that contain the types of interfaces This group contains the PRCs that describe the characteristics of
of the device and the Role Combinations assigned to them. interfaces of the device and the Role Combinations assigned to
them.
Interface Capabilities Set Table Interface Capabilities Set Table
The interface types the PEP supports are described by rows in The interfaces the PEP supports are described by rows in
this table (frwkIfCapSetTable). Each row, or instance of this
class, describes the characteristics of an interface type. The
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
PEP notifies the PDP of these interface types and then the PDP this table (frwkIfCapSetTable). Each row, or instance of this
configures the interfaces, per role combination. class, assigns a name to the interface and has references to
capabilities that the interface supports. The references can
specify instances in relevant capability tables in any PIB. The
PEP notifies the PDP of these interface names and capabilities
and then the PDP configures the interfaces, per role
combination.
Interface Capability and Role Combo Table Interface Capability and Role Combo Table
The Interface Cap Set Table describes the types of interfaces The Interface Capabilities Set Table describes the interfaces
the PEP supports by their capabilities. Configuration is done the PEP supports by their capabilities. Configuration is done
in terms of these interface types and the role combinations in terms of these interface capability set names (ifCapSetName)
assigned to them; The PDP does not deal with individual and the role combinations assigned to them; The PDP does not
interfaces on the device. Each row of this class is a deal with individual interfaces on the device. Each row of this
<interface type, Role Combo> two-tuple. class is a <interface capability set name, Role Combo>
two-tuple.
3. Classifier group 3. Classifier group
This group contains the IP and IEEE 802 Classifier elements. The This group contains the IP and IEEE 802 Classifier elements.
set of tables consist of a Base Filter table that is extended to The set of tables consist of a Base Filter table that contains
form the IP Filter table and the 802 Filter table. The Filter the Index InstanceId and the Permit flag for the filter. This
Group table forms sets of filters. frwkBaseFilterTable is extended to form the IP Filter table
and the 802 Filter table.
Framework Policy Information Base July 2000 The Extended classes do not have a separate Index value.
Instances of the extended classes have the same indices as
their base class instance. Inheritance is achieved using the
EXTENDS keyword as defined in [SPPI]. The Filter Group
Definition table uses ReferenceId Textual Convention semantics
to reference filter instances and TagId and TagReferenceId
Textual Convention semantics [SPPI] to form sets of filters
that could be referenced by some other association table
instance.
Framework Policy Information Base September 2000
5. The Framework PIB Module 5. The Framework PIB Module
FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
Unsigned32, Integer32, MODULE-IDENTITY, Unsigned32, Integer32, MODULE-IDENTITY,
MODULE-COMPLIANCE, OBJECT-TYPE MODULE-COMPLIANCE, OBJECT-TYPE
FROM COPS-PR-SPPI FROM COPS-PR-SPPI
PolicyInstanceId, PolicyReferenceId, Prid, InstanceId, ReferenceId, Prid, TagId
PolicyTagId
FROM COPS-PR-SPPI-TC FROM COPS-PR-SPPI-TC
InetAddress InetAddress, InetAddressType
FROM INET-ADDRESS-MIB FROM INET-ADDRESS-MIB
TruthValue, TEXTUAL-CONVENTION, PhysAddress TruthValue, TEXTUAL-CONVENTION, PhysAddress
FROM SNMPv2-TC FROM SNMPv2-TC
Role, RoleCombination Role, RoleCombination
FROM POLICY-DEVICE-AUX-MIB FROM POLICY-DEVICE-AUX-MIB
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
OBJECT-GROUP OBJECT-GROUP
FROM SNMPv2-CONF; FROM SNMPv2-CONF;
frameworkPib MODULE-IDENTITY frameworkPib MODULE-IDENTITY
SUBJECT-CATEGORY { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200007141200Z" LAST-UPDATED "200009061200Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO " CONTACT-INFO "
Michael Fine Michael Fine
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 527 8218 Phone: +1 408 527 8218
Email: mfine@cisco.com Email: mfine@cisco.com
Keith McCloghrie Keith McCloghrie
skipping to change at page 9, line 55 skipping to change at page 9, line 54
Phone: +1 408 526 5260 Phone: +1 408 526 5260
Email: kzm@cisco.com Email: kzm@cisco.com
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com" Email: jseligso@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"A PIB module containing the base set of policy "A PIB module containing the base set of provisioning
rule classes that are required for support of classes that are required for support of policies for
all policies." all subject-categories."
::= { tbd } ::= { tbd }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
-- --
-- The root OID for PRCs in the Framework PIB -- The root OID for PRCs in the Framework PIB
-- --
frwkBasePibClasses frwkBasePibClasses
OBJECT IDENTIFIER ::= { frameworkPib 1 } OBJECT IDENTIFIER ::= { frameworkPib 1 }
-- --
-- Textual Conventions -- Textual Conventions
skipping to change at page 10, line 49 skipping to change at page 10, line 49
::= { frwkBasePibClasses 1 } ::= { frwkBasePibClasses 1 }
frwkPrcSupportEntry OBJECT-TYPE frwkPrcSupportEntry OBJECT-TYPE
SYNTAX FrwkPrcSupportEntry SYNTAX FrwkPrcSupportEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkPrcSupport class that identifies a "An instance of the frwkPrcSupport class that identifies a
specific PRC and associated attributes as supported specific PRC and associated attributes as supported
by the device." by the device."
INDEX { frwkPrcSupportPrid } PIB-INDEX { frwkPrcSupportPrid }
UNIQUENESS { frwkPrcSupportSupportedPrc } UNIQUENESS { frwkPrcSupportSupportedPrc }
::= { frwkPrcSupportTable 1 } ::= { frwkPrcSupportTable 1 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
FrwkPrcSupportEntry ::= SEQUENCE { FrwkPrcSupportEntry ::= SEQUENCE {
frwkPrcSupportPrid PolicyInstanceId, frwkPrcSupportPrid InstanceId,
frwkPrcSupportSupportedPrc OBJECT IDENTIFIER, frwkPrcSupportSupportedPrc OBJECT IDENTIFIER,
frwkPrcSupportSupportedAttrs OCTET STRING, frwkPrcSupportSupportedAttrs OCTET STRING,
frwkPrcSupportMaxPris Unsigned32 frwkPrcSupportMaxPris Unsigned32
} }
frwkPrcSupportPrid OBJECT-TYPE frwkPrcSupportPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkPrcSupport class." instance of the frwkPrcSupport class."
::= { frwkPrcSupportEntry 1 } ::= { frwkPrcSupportEntry 1 }
frwkPrcSupportSupportedPrc OBJECT-TYPE frwkPrcSupportSupportedPrc OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
STATUS current STATUS current
skipping to change at page 12, line 5 skipping to change at page 12, line 5
corresponding to the (8*i)-th class attribute. Each bit of corresponding to the (8*i)-th class attribute. Each bit of
this bit mask specifies whether or not the corresponding this bit mask specifies whether or not the corresponding
class attribute is currently supported, with a '1' class attribute is currently supported, with a '1'
indicating support and a '0' indicating no support. If the indicating support and a '0' indicating no support. If the
value of this bit mask is N bits long and there are more value of this bit mask is N bits long and there are more
than N class attributes then the bit mask is logically than N class attributes then the bit mask is logically
extended with 0's to the required length." extended with 0's to the required length."
::= { frwkPrcSupportEntry 3 } ::= { frwkPrcSupportEntry 3 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkPrcSupportMaxPris OBJECT-TYPE frwkPrcSupportMaxPris OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A non-negative value indicating the maximum number of "A non-negative value indicating the maximum number of
policy rule instances that can be installed in the provisioning instances that can be installed in the
identified policy rule class. Note that actual number of identified provisioning class. Note that actual number of
PRIs that can be installed in a PRC at any given time may be PRIs that can be installed in a PRC at any given time may be
less than this value based on the current operational state less than this value based on the current operational state
(e.g.,resources currently consumed) of the device." (e.g.,resources currently consumed) of the device."
::= { frwkPrcSupportEntry 4 } ::= { frwkPrcSupportEntry 4 }
-- --
-- PIB Incarnation Table -- PIB Incarnation Table
-- --
frwkPibIncarnationTable OBJECT-TYPE frwkPibIncarnationTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkPibIncarnationEntry SYNTAX SEQUENCE OF FrwkPibIncarnationEntry
PIB-ACCESS install-notify,7 PIB-ACCESS install-notify,7
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This class contains a single policy rule instance per "This class contains a single provisioning instance per
installed context that identifies the current incarnation installed context that identifies the current incarnation
of the PIB and the PDP or network manager that installed of the PIB and the PDP or network manager that installed
this incarnation. The instance of this class is reported to this incarnation. The instance of this class is reported to
the PDP in the REQ message so that the PDP can (attempt to) the PDP in the REQ message so that the PDP can (attempt to)
ascertain the current state of the PIB and the active ascertain the current state of the PIB and the active
context. A network manager may use the instance to context. A network manager may use the instance to
determine the state of the device with regard to existing determine the state of the device with regard to existing
NMS interactions." NMS interactions."
::= { frwkBasePibClasses 2 } ::= { frwkBasePibClasses 2 }
frwkPibIncarnationEntry OBJECT-TYPE frwkPibIncarnationEntry OBJECT-TYPE
SYNTAX FrwkPibIncarnationEntry SYNTAX FrwkPibIncarnationEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkPibIncarnation class. Only "An instance of the frwkPibIncarnation class. Only
one instance of this policy class is ever instantiated. one instance of this policy class is ever instantiated.
per context" per context"
INDEX { frwkPibIncarnationPrid } PIB-INDEX { frwkPibIncarnationPrid }
UNIQUENESS { frwkPibIncarnationName } UNIQUENESS { frwkPibIncarnationName }
::= { frwkPibIncarnationTable 1 } ::= { frwkPibIncarnationTable 1 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
FrwkPibIncarnationEntry ::= SEQUENCE { FrwkPibIncarnationEntry ::= SEQUENCE {
frwkPibIncarnationPrid PolicyInstanceId, frwkPibIncarnationPrid InstanceId,
frwkPibIncarnationName SnmpAdminString, frwkPibIncarnationName SnmpAdminString,
frwkPibIncarnationId OCTET STRING, frwkPibIncarnationId OCTET STRING,
frwkPibIncarnationLongevity INTEGER, frwkPibIncarnationLongevity INTEGER,
frwkPibIncarnationTtl Unsigned32, frwkPibIncarnationTtl Unsigned32,
frwkPibIncarnationActive TruthValue frwkPibIncarnationActive TruthValue
} }
frwkPibIncarnationPrid OBJECT-TYPE frwkPibIncarnationPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index to uniquely identify an instance of this "An index to uniquely identify an instance of this
policy class." policy class."
::= { frwkPibIncarnationEntry 1 } ::= { frwkPibIncarnationEntry 1 }
frwkPibIncarnationName OBJECT-TYPE frwkPibIncarnationName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
skipping to change at page 14, line 5 skipping to change at page 14, line 5
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An ID to identify the current incarnation. It has meaning "An ID to identify the current incarnation. It has meaning
to the PDP/manager that installed the PIB and perhaps its to the PDP/manager that installed the PIB and perhaps its
standby PDPs/managers. By default, it is the zero-length standby PDPs/managers. By default, it is the zero-length
string." string."
::= { frwkPibIncarnationEntry 3 } ::= { frwkPibIncarnationEntry 3 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkPibIncarnationLongevity OBJECT-TYPE frwkPibIncarnationLongevity OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
expireNever(1), expireNever(1),
expireImmediate(2), expireImmediate(2),
expireOnTimeout(3) expireOnTimeout(3)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute controls what the PEP does with the "This attribute controls what the PEP does with the
skipping to change at page 14, line 44 skipping to change at page 14, line 44
been installed dynamically (e.g., by a PDP via COPS)." been installed dynamically (e.g., by a PDP via COPS)."
::= { frwkPibIncarnationEntry 4 } ::= { frwkPibIncarnationEntry 4 }
frwkPibIncarnationTtl OBJECT-TYPE frwkPibIncarnationTtl OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of seconds after a Client Close or TCP timeout "The number of seconds after a Client Close or TCP timeout
for which the PEP continues to enforce the policy in the for which the PEP continues to enforce the policy in the
PIB. After this interval, the PIB is considered expired and
the device no longer enforces the policy installed in the
PIB. PIB.
After this interval, the PIB is considered expired and the
device no longer enforces the policy installed in the PIB.
This attribute is only meaningful if This attribute is only meaningful if
frwkPibIncarnationLongevity is set to expireOnTimeout." frwkPibIncarnationLongevity is set to expireOnTimeout."
::= { frwkPibIncarnationEntry 5 } ::= { frwkPibIncarnationEntry 5 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkPibIncarnationActive OBJECT-TYPE frwkPibIncarnationActive OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If this attribute is set to TRUE, then the PIB instance "If this attribute is set to TRUE, then the PIB instance
to which this PRI belongs becomes the active PIB instance. to which this PRI belongs becomes the active PIB instance.
The previous active instance MUST become inactive and the The previous active instance MUST become inactive and the
frwkPibIncarnationActive attribute in that PIB instance frwkPibIncarnationActive attribute in that PIB instance
MUST be set to false." MUST be set to false."
skipping to change at page 15, line 32 skipping to change at page 15, line 32
-- This table supports the ability to export general -- This table supports the ability to export general
-- purpose device information to facilitate efficient -- purpose device information to facilitate efficient
-- communication between the device and a PDP -- communication between the device and a PDP
frwkDeviceIdTable OBJECT-TYPE frwkDeviceIdTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkDeviceIdEntry SYNTAX SEQUENCE OF FrwkDeviceIdEntry
PIB-ACCESS notify,5 PIB-ACCESS notify,5
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This class contains a single policy rule instance that "This class contains a single provisioning instance that
contains device-specific information that is used to contains device-specific information that is used to
facilitate efficient policy installation by a PDP. The facilitate efficient policy installation by a PDP. The
instance of this class is reported to the PDP in a COPS instance of this class is reported to the PDP in a COPS
request message so that the PDP can take into account request message so that the PDP can take into account
certain device characteristics during policy installation." certain device characteristics during policy installation."
::= { frwkBasePibClasses 3 } ::= { frwkBasePibClasses 3 }
frwkDeviceIdEntry OBJECT-TYPE frwkDeviceIdEntry OBJECT-TYPE
SYNTAX FrwkDeviceIdEntry SYNTAX FrwkDeviceIdEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkDeviceId class. Only one instance of "An instance of the frwkDeviceId class. Only one instance of
this policy class is ever instantiated." this policy class is ever instantiated."
INDEX { frwkDeviceIdPrid } PIB-INDEX { frwkDeviceIdPrid }
UNIQUENESS { frwkDeviceIdDescr } UNIQUENESS { frwkDeviceIdDescr }
::= { frwkDeviceIdTable 1 } ::= { frwkDeviceIdTable 1 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
FrwkDeviceIdEntry ::= SEQUENCE { FrwkDeviceIdEntry ::= SEQUENCE {
frwkDeviceIdPrid PolicyInstanceId, frwkDeviceIdPrid InstanceId,
frwkDeviceIdDescr SnmpAdminString, frwkDeviceIdDescr SnmpAdminString,
frwkDeviceIdMaxMsg Unsigned32, frwkDeviceIdMaxMsg Unsigned32,
frwkDeviceIdMaxContexts Unsigned32 frwkDeviceIdMaxContexts Unsigned32
} }
frwkDeviceIdPrid OBJECT-TYPE frwkDeviceIdPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index to uniquely identify an instance of this "An index to uniquely identify an instance of this
policy class." policy class."
::= { frwkDeviceIdEntry 1 } ::= { frwkDeviceIdEntry 1 }
frwkDeviceIdDescr OBJECT-TYPE frwkDeviceIdDescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..255)) SYNTAX SnmpAdminString (SIZE(0..255))
STATUS current STATUS current
skipping to change at page 17, line 5 skipping to change at page 17, line 5
frwkDeviceIdMaxContexts OBJECT-TYPE frwkDeviceIdMaxContexts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum number of unique contexts supported by "The maximum number of unique contexts supported by
the device." the device."
::= { frwkDeviceIdEntry 4 } ::= { frwkDeviceIdEntry 4 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
-- --
-- Component Limitations Table -- Component Limitations Table
-- --
-- This table supports the ability to export information -- This table supports the ability to export information
-- detailing policy class/attribute implementation limitations -- detailing provisioning class/attribute implementation limitations
-- to the policy management system. -- to the policy management system.
frwkCompLimitsTable OBJECT-TYPE frwkCompLimitsTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkCompLimitsEntry SYNTAX SEQUENCE OF FrwkCompLimitsEntry
PIB-ACCESS notify,6 PIB-ACCESS notify, 7
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each instance of this class identifies a policy class or "Each instance of this class identifies a policy class or
attribute and a limitation related to the implementation of attribute and a limitation related to the implementation of
the class/attribute in the device. Additional information the class/attribute in the device. Additional information
providing guidance related to the limitation may also be providing guidance related to the limitation may also be
present. These PRIs are sent to the PDP to indicate which present. These PRIs are sent to the PDP to indicate which
PRCs or PRC attributes the device supports in a restricted PRCs or PRC attributes the device supports in a restricted
manner." manner."
skipping to change at page 17, line 43 skipping to change at page 17, line 43
DESCRIPTION DESCRIPTION
"An instance of the frwkCompLimits class that identifies "An instance of the frwkCompLimits class that identifies
a PRC or PRC attribute and a limitation related to the PRC a PRC or PRC attribute and a limitation related to the PRC
or PRC attribute implementation supported by the device. or PRC attribute implementation supported by the device.
All PRIs of this class represent errors that would be All PRIs of this class represent errors that would be
returned in relation to the identified component for policy returned in relation to the identified component for policy
installation requests that don't abide by the restrictions installation requests that don't abide by the restrictions
indicated by the limitation type (error code) and, possibly, indicated by the limitation type (error code) and, possibly,
a provided guidance value." a provided guidance value."
INDEX { frwkCompLimitsPrid } PIB-INDEX { frwkCompLimitsPrid }
UNIQUENESS { frwkCompLimitsComponent, UNIQUENESS { frwkCompLimitsComponent,
FrwkCompLimitsTypeGlobal,
frwkCompLimitsType, frwkCompLimitsType,
frwkCompLimitsSubType, frwkCompLimitsSubType,
frwkCompLimitsGuidance } frwkCompLimitsGuidance }
::= { frwkCompLimitsTable 1 } ::= { frwkCompLimitsTable 1 }
FrwkCompLimitsEntry ::= SEQUENCE { FrwkCompLimitsEntry ::= SEQUENCE {
frwkCompLimitsPrid PolicyInstanceId, frwkCompLimitsPrid InstanceId,
frwkCompLimitsComponent OBJECT IDENTIFIER, frwkCompLimitsComponent OBJECT IDENTIFIER,
frwkCompLimitsTypeGlobal TruthValue,
frwkCompLimitsType Integer32, frwkCompLimitsType Integer32,
frwkCompLimitsSubType INTEGER, frwkCompLimitsSubType INTEGER,
frwkCompLimitsGuidance OCTET STRING frwkCompLimitsGuidance OCTET STRING
} }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkCompLimitsPrid OBJECT-TYPE frwkCompLimitsPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkCompLimits class." instance of the frwkCompLimits class."
::= { frwkCompLimitsEntry 1 } ::= { frwkCompLimitsEntry 1 }
frwkCompLimitsComponent OBJECT-TYPE frwkCompLimitsComponent OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The object identifier of a PRC or PRC attribute that "The object identifier of a PRC or PRC attribute that
is supported in some limited fashion with regard to it's is supported in some limited fashion with regard to it's
definition in the associated PIB module. The same PRC or definition in the associated PIB module. The same PRC or
PRC attribute identifier may appear in the table several PRC attribute identifier may appear in the table several
times, once for each implementation limitation times, once for each implementation limitation
acknowledged by the device. " acknowledged by the device. "
::= { frwkCompLimitsEntry 2 } ::= { frwkCompLimitsEntry 2 }
frwkCompLimitsTypeGlobal OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"A boolean value that has value TRUE if the
frwkCompLimitsType value is a Global component limitation
code defined in [COPS-PR], else has value FALSE which
implies the frwkCompLimitsType is a PRC specific component
limitation code defined in the INSTALL-ERRORS clause of
that PRC [SPPI]."
::= { frwkCompLimitsEntry 3 }
frwkCompLimitsType OBJECT-TYPE frwkCompLimitsType OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value describing an implementation limitation for the "A value describing an implementation limitation for the
device related to the PRC or PRC attribute identified by device related to the PRC or PRC attribute identified by
the frwkCompLimitsComponent data in this class instance. the frwkCompLimitsComponent data in this class instance.
Values for this object are derived from the defined Values for this object are derived from the defined
error values associated with the PRC of the identified error values associated with the PRC of the identified
attribute or the PRC itself. All genericPrc and specificPrc attribute or the PRC itself. All genericPrc and specificPrc
(defined in a PRC INSTALL-ERRORS clause) error codes (defined in a PRC INSTALL-ERRORS clause) error codes
represent valid limitation type values. The enumeration represent valid limitation type values. The enumeration
values for generic Class-Specific errors are listed in values for generic Class-Specific errors are listed in
[COPS-PR]. [COPS-PR].
Framework Policy Information Base September 2000
For example, an implementation of the frwkIpFilter class may For example, an implementation of the frwkIpFilter class may
be limited in several ways, such as address mask, protocol be limited in several ways, such as address mask, protocol
and Layer 4 port options. These limitations could be and Layer 4 port options. These limitations could be
exported using this table with the following instances: exported using this table with the following instances:
Component Type Component Type
-------------------------------------------------- --------------------------------------------------
'frwkIpFilterDstAddrMask' 'attrValueSupLimited' 'frwkIpFilterDstAddrMask' 'attrValueSupLimited'
'frwkIpFilterSrcAddrMask' 'attrValueSupLimited' 'frwkIpFilterSrcAddrMask' 'attrValueSupLimited'
'frwkIpFilterProtocol' 'attrValueSupLimited' 'frwkIpFilterProtocol' 'attrValueSupLimited'
'frwkIpFilterProtocol' 'attrValueSupLimited' 'frwkIpFilterProtocol' 'attrValueSupLimited'
'frwkIpFilterDstL4PortMin' 'invalidDstL4PortData' 'frwkIpFilterDstL4PortMin' 'invalidDstL4PortData'
'frwkIpFilterDstL4PortMax' 'invalidDstL4PortData' 'frwkIpFilterDstL4PortMax' 'invalidDstL4PortData'
'frwkBaseFilterPermit' 'attrEnumSupLimited' 'frwkBaseFilterPermit' 'attrEnumSupLimited'
Framework Policy Information Base July 2000
The above entries describe a number of limitations that The above entries describe a number of limitations that
may be in effect for the frwkIpFilter class on a given may be in effect for the frwkIpFilter class on a given
device. The limitations include restrictions on acceptable device. The limitations include restrictions on acceptable
values for certain attributes and indications of the values for certain attributes and indications of the
relationship between related attributes. relationship between related attributes.
Also, an implementation of a PRC may be limited in the ways Also, an implementation of a PRC may be limited in the ways
it can be accessed. For instance: it can be accessed. For instance:
Component Type Component Type
-------------------------------------------------- --------------------------------------------------
'DscpMapEntry' 'priNotifyOnly' 'DscpMapEntry' 'priNotifyOnly'
If the errors defined in the INSTALL-ERRORS section are not If the errors defined in the INSTALL-ERRORS section are not
generic Class-Specific errors (in the example, generic Class-Specific errors (in the example,
'invalidDstL4PortData') then the Error code sent should be 'invalidDstL4PortData') then the Error code sent must be
'priSpecificError'[COPS-PR] and the Sub-Error code should 'priSpecificError'[COPS-PR] and the Sub-Error code must
contain the enumeration value from the INSTALL-ERRORS contain the enumeration value from the INSTALL-ERRORS
section for the PRC (in the example, the enumeration value section for the PRC (in the example, the enumeration value
for 'invalidDstL4PortData') [SPPI]." for 'invalidDstL4PortData') [SPPI]."
::= { frwkCompLimitsEntry 3 } ::= { frwkCompLimitsEntry 4 }
frwkCompLimitsSubType OBJECT-TYPE frwkCompLimitsSubType OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
none(1), none(1),
lengthMin(2), lengthMin(2),
lengthMax(3), lengthMax(3),
rangeMin(4), rangeMin(4),
rangeMax(5), rangeMax(5),
enumMin(6), enumMin(6),
enumMax(7), enumMax(7),
enumOnly(8), enumOnly(8),
valueOnly(9), valueOnly(9),
extendsOid(10) extendsOid(10)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base September 2000
"This object indicates the type of guidance related "This object indicates the type of guidance related
to the noted limitation (as indicated by the to the noted limitation (as indicated by the
frwkCompLimitsType attribute) that is provided frwkCompLimitsType attribute) that is provided
in the frwkCompLimitsGuidance attribute. in the frwkCompLimitsGuidance attribute.
A value of 'none(1)' means that no additional A value of 'none(1)' means that no additional
guidance is provided for the noted limitation type. guidance is provided for the noted limitation type.
A value of 'lengthMin(2)' means that the guidance A value of 'lengthMin(2)' means that the guidance
attribute provides data related to the minimum attribute provides data related to the minimum
acceptable length for the value of the identified acceptable length for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'lengthMax(3)' value is required specifying the 'lengthMax(3)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
Framework Policy Information Base July 2000
A value of 'lengthMax(3)' means that the guidance A value of 'lengthMax(3)' means that the guidance
attribute provides data related to the maximum attribute provides data related to the maximum
acceptable length for the value of the identified acceptable length for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'lengthMin(2)' value is required specifying the 'lengthMin(2)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'rangeMin(4)' means that the guidance A value of 'rangeMin(4)' means that the guidance
attribute provides data related to the lower bound attribute provides data related to the lower bound
of the range for the value of the identified of the range for the value of the identified
skipping to change at page 20, line 45 skipping to change at page 21, line 4
A value of 'enumMin(7)' means that the guidance A value of 'enumMin(7)' means that the guidance
attribute provides data related to the largest attribute provides data related to the largest
enumeration acceptable for the value of the enumeration acceptable for the value of the
identified component. A corresponding identified component. A corresponding
class instance specifying the 'enumMin(6)' class instance specifying the 'enumMin(6)'
value is required in conjunction with this sub-type. value is required in conjunction with this sub-type.
A value of 'enumOnly(8)' means that the guidance A value of 'enumOnly(8)' means that the guidance
attribute provides data related to a single attribute provides data related to a single
enumeration acceptable for the value of the enumeration acceptable for the value of the
Framework Policy Information Base September 2000
identified component. identified component.
A value of 'valueOnly(9)' means that the guidance A value of 'valueOnly(9)' means that the guidance
attribute provides data related to a single attribute provides data related to a single
value that is acceptable for the identified value that is acceptable for the identified
component. component.
A value of 'extendsOid(10)' means that the guidance A value of 'extendsOid(10)' means that the guidance
attribute provides data related to a PRC that attribute provides data related to a PRC that
AUGMENTS or EXTENDS the identified policy class." AUGMENTS or EXTENDS the identified policy class."
::= { frwkCompLimitsEntry 4 } ::= { frwkCompLimitsEntry 5 }
Framework Policy Information Base July 2000
frwkCompLimitsGuidance OBJECT-TYPE frwkCompLimitsGuidance OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) SYNTAX OCTET STRING (SIZE(0..255))
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value used to convey additional information related "A value used to convey additional information related
to the implementation limitation noted by the to the implementation limitation noted by the
frwkCompLimitsType and frwkCompLimitsSubType frwkCompLimitsType and frwkCompLimitsSubType
attribute. The value of this attribute must be attribute. The value of this attribute must be
interpreted in the context of the frwkCompLimitsType and interpreted in the context of the frwkCompLimitsType and
skipping to change at page 21, line 33 skipping to change at page 21, line 46
is described by the following table. Note that the is described by the following table. Note that the
type of guidance value is dictated by the type of the type of guidance value is dictated by the type of the
component whose limitation is being exported. component whose limitation is being exported.
Base Type Length Value Base Type Length Value
--------- ------ ----- --------- ------ -----
INTEGER <none> 32-bit value INTEGER <none> 32-bit value
OCTET STRING 1 byte <length> octets of data OCTET STRING 1 byte <length> octets of data
OID 1 byte <length> 32-bit OID components." OID 1 byte <length> 32-bit OID components."
::= { frwkCompLimitsEntry 5 } ::= { frwkCompLimitsEntry 6 }
Framework Policy Information Base September 2000
-- --
-- The device interface capabilities and role combo classes group -- The device interface capabilities and role combo classes group
-- --
frwkDeviceCapClasses frwkDeviceCapClasses
OBJECT IDENTIFIER ::= { frameworkPib 2 } OBJECT IDENTIFIER ::= { frameworkPib 2 }
-- --
-- Interface Capability Set Table -- Interface Capability Set Table
-- --
frwkIfCapSetTable OBJECT-TYPE frwkIfCapSetTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfCapSetEntry SYNTAX SEQUENCE OF FrwkIfCapSetEntry
PIB-ACCESS notify,4 PIB-ACCESS notify,4
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Interface type definitions. This class describes the types "This class describes the interfaces that exist on the
of interfaces that exist on the device. An interface type is device. Associated with each interface is a set of
defined by its name. Associated with each interface type is capabilities. The capability set is given a unique name that
a set of capabilities. These capabilities are used by the identifies the interface type. These capabilities are used
PDP to determine policy information to be associated with by the PDP to determine policy information to be associated
interfaces of this type." with interfaces of this type."
::= { frwkDeviceCapClasses 1 } ::= { frwkDeviceCapClasses 1 }
Framework Policy Information Base July 2000
frwkIfCapSetEntry OBJECT-TYPE frwkIfCapSetEntry OBJECT-TYPE
SYNTAX FrwkIfCapSetEntry SYNTAX FrwkIfCapSetEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of this class describes the characteristics "An instance of this class describes the characteristics
of a type of an interface." of a type of an interface."
INDEX { frwkIfCapSetPrid } PIB-INDEX { frwkIfCapSetPrid }
UNIQUENESS { frwkIfCapSetName, UNIQUENESS { frwkIfCapSetName,
frwkIfCapSetCapability } frwkIfCapSetCapability }
::= { frwkIfCapSetTable 1 } ::= { frwkIfCapSetTable 1 }
FrwkIfCapSetEntry ::= SEQUENCE { FrwkIfCapSetEntry ::= SEQUENCE {
frwkIfCapSetPrid PolicyInstanceId, frwkIfCapSetPrid InstanceId,
frwkIfCapSetName SnmpAdminString, frwkIfCapSetName SnmpAdminString,
frwkIfCapSetCapability Prid frwkIfCapSetCapability Prid
} }
frwkIfCapSetPrid OBJECT-TYPE frwkIfCapSetPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies a "An arbitrary integer index that uniquely identifies a
instance of the class." instance of the class."
::= { frwkIfCapSetEntry 1 } ::= { frwkIfCapSetEntry 1 }
Framework Policy Information Base September 2000
frwkIfCapSetName OBJECT-TYPE frwkIfCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name for the capability set. The capability set name "The name for the capability set. The capability set name
is the unique identifier of an interface type." is the unique identifier of an interface type."
::= { frwkIfCapSetEntry 2 } ::= { frwkIfCapSetEntry 2 }
frwkIfCapSetCapability OBJECT-TYPE frwkIfCapSetCapability OBJECT-TYPE
SYNTAX Prid SYNTAX Prid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The complete OID specifying the PRC and the instance of the "The complete PRC OID and instance identifier specifying the
PRC containing a set of capabilities of the interface." capability PRC instance for the interface."
::= { frwkIfCapSetEntry 3 } ::= { frwkIfCapSetEntry 3 }
Framework Policy Information Base July 2000
-- --
-- Interface Capabilities Set Name and Role Combination Table -- Interface Capabilities Set Name and Role Combination Table
-- --
frwkIfCapSetRoleComboTable OBJECT-TYPE frwkIfCapSetRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfCapSetRoleComboEntry SYNTAX SEQUENCE OF FrwkIfCapSetRoleComboEntry
PIB-ACCESS notify,4 PIB-ACCESS notify,4
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Policy for an interface may depend not only on the type "Policy for an interface may depend not only on the
of interface but also on its roles. This table specifies capability set of an interface but also on its roles. This
all the <interface type, role combination> tuples currently table specifies all the <interface capability set name, role
on the device." combination> tuples currently on the device."
::= { frwkDeviceCapClasses 2 } ::= { frwkDeviceCapClasses 2 }
frwkIfCapSetRoleComboEntry OBJECT-TYPE frwkIfCapSetRoleComboEntry OBJECT-TYPE
SYNTAX FrwkIfCapSetRoleComboEntry SYNTAX FrwkIfCapSetRoleComboEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of this class describes a combination of an "An instance of this class describes a combination of an
interface type and a role combination." interface capability set name and a role combination."
INDEX { frwkIfCapSetRoleComboPrid } PIB-INDEX { frwkIfCapSetRoleComboPrid }
UNIQUENESS { frwkIfCapSetRoleComboName, UNIQUENESS { frwkIfCapSetRoleComboName,
frwkIfCapSetRoleComboRoles } frwkIfCapSetRoleComboRoles }
::= { frwkIfCapSetRoleComboTable 1 } ::= { frwkIfCapSetRoleComboTable 1 }
Framework Policy Information Base September 2000
FrwkIfCapSetRoleComboEntry ::= SEQUENCE { FrwkIfCapSetRoleComboEntry ::= SEQUENCE {
frwkIfCapSetRoleComboPrid PolicyInstanceId, frwkIfCapSetRoleComboPrid InstanceId,
frwkIfCapSetRoleComboName SnmpAdminString, frwkIfCapSetRoleComboName SnmpAdminString,
frwkIfCapSetRoleComboRoles RoleCombination frwkIfCapSetRoleComboRoles RoleCombination
} }
frwkIfCapSetRoleComboPrid OBJECT-TYPE frwkIfCapSetRoleComboPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies a "An arbitrary integer index that uniquely identifies a
instance of the class." instance of the class."
::= { frwkIfCapSetRoleComboEntry 1 } ::= { frwkIfCapSetRoleComboEntry 1 }
Framework Policy Information Base July 2000
frwkIfCapSetRoleComboName OBJECT-TYPE frwkIfCapSetRoleComboName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the interface type. This name must exist in "The name of the interface capability set. This name must
frwkIfCapSetTable." exist in frwkIfCapSetTable."
::= { frwkIfCapSetRoleComboEntry 2 } ::= { frwkIfCapSetRoleComboEntry 2 }
frwkIfCapSetRoleComboRoles OBJECT-TYPE frwkIfCapSetRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination SYNTAX RoleCombination
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A role combination. The PEP requires policy for interfaces "A role combination. The PEP requires policy for interfaces
with this role combination and of type with this role combination and of capability set name
frwkIfCapSetRoleComboName" specified by frwkIfCapSetRoleComboName"
::= { frwkIfCapSetRoleComboEntry 3 } ::= { frwkIfCapSetRoleComboEntry 3 }
Framework Policy Information Base September 2000
-- --
-- The Classification classes group -- The Classification classes group
-- --
frwkClassifierClasses frwkClassifierClasses
OBJECT IDENTIFIER ::= { frameworkPib 3 } OBJECT IDENTIFIER ::= { frameworkPib 3 }
-- --
-- The Base Filter Table -- The Base Filter Table
-- --
skipping to change at page 24, line 54 skipping to change at page 25, line 35
fields that are not relevant." fields that are not relevant."
::= { frwkClassifierClasses 1 } ::= { frwkClassifierClasses 1 }
frwkBaseFilterEntry OBJECT-TYPE frwkBaseFilterEntry OBJECT-TYPE
SYNTAX FrwkBaseFilterEntry SYNTAX FrwkBaseFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkBaseFilter class." "An instance of the frwkBaseFilter class."
INDEX { frwkBaseFilterPrid } PIB-INDEX { frwkBaseFilterPrid }
::= { frwkBaseFilterTable 1 } ::= { frwkBaseFilterTable 1 }
Framework Policy Information Base July 2000
FrwkBaseFilterEntry ::= SEQUENCE { FrwkBaseFilterEntry ::= SEQUENCE {
frwkBaseFilterPrid PolicyInstanceId, frwkBaseFilterPrid InstanceId,
frwkBaseFilterPermit TruthValue frwkBaseFilterPermit TruthValue
} }
frwkBaseFilterPrid OBJECT-TYPE frwkBaseFilterPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An integer index to uniquely identify this Filter among all "An integer index to uniquely identify this Filter among all
the Filters." the Filters."
::= { frwkBaseFilterEntry 1 } ::= { frwkBaseFilterEntry 1 }
Framework Policy Information Base September 2000
frwkBaseFilterPermit OBJECT-TYPE frwkBaseFilterPermit OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the packet matches this filter and the value of this "If the packet matches this filter and the value of this
attribute is true, then the matching process terminates attribute is true, then the matching process terminates
and the action associated with this filter (indirectly and the action associated with this filter (indirectly
through the filter group) is applied to the packet. If the through the filter group) is applied to the packet. If the
value of this attribute is false, then no more filters in value of this attribute is false, then no more filters in
the filter group are compared to this packet and matching the filter group are compared to this packet and matching
continues with the first filter of the next filter group." continues with the first filter of the next filter group."
::= { frwkBaseFilterEntry 2 } ::= { frwkBaseFilterEntry 2 }
-- --
-- The IP Filter Table -- The IP Filter Table
-- --
frwkIpFilterTable OBJECT-TYPE frwkIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIpFilterEntry SYNTAX SEQUENCE OF FrwkIpFilterEntry
PIB-ACCESS install,11 PIB-ACCESS install, 13
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filter definitions. A packet has to match all fields in a "Filter definitions. A packet has to match all fields in a
filter. Wildcards may be specified for those fields that filter. Wildcards may be specified for those fields that
are not relevant." are not relevant."
INSTALL-ERRORS { INSTALL-ERRORS {
invalidDstL4PortData(1), invalidDstL4PortData(1),
invalidSrcL4PortData(2) invalidSrcL4PortData(2)
} }
::= { frwkClassifierClasses 2 } ::= { frwkClassifierClasses 2 }
Framework Policy Information Base July 2000
frwkIpFilterEntry OBJECT-TYPE frwkIpFilterEntry OBJECT-TYPE
SYNTAX FrwkIpFilterEntry SYNTAX FrwkIpFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkIpFilter class." "An instance of the frwkIpFilter class."
EXTENDS { frwkBaseFilterEntry } EXTENDS { frwkBaseFilterEntry }
UNIQUENESS { frwkIpFilterDstAddr, UNIQUENESS { frwkIpFilterDstAddr,
frwkIpFilterDstAddrMask, frwkIpFilterDstAddrMask,
frwkIpFilterSrcAddr, frwkIpFilterSrcAddr,
frwkIpFilterSrcAddrMask, frwkIpFilterSrcAddrMask,
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
frwkIpFilterDstL4PortMax, frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin, frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax } frwkIpFilterSrcL4PortMax }
::= { frwkIpFilterTable 1 } ::= { frwkIpFilterTable 1 }
Framework Policy Information Base September 2000
FrwkIpFilterEntry ::= SEQUENCE { FrwkIpFilterEntry ::= SEQUENCE {
frwkIpFilterDstAddrType InetAddressType,
frwkIpFilterDstAddr InetAddress, frwkIpFilterDstAddr InetAddress,
frwkIpFilterDstAddrMask InetAddress, frwkIpFilterDstAddrMask Unsigned32,
frwkIpFilterSrcAddrType InetAddressType,
frwkIpFilterSrcAddr InetAddress, frwkIpFilterSrcAddr InetAddress,
frwkIpFilterSrcAddrMask InetAddress, frwkIpFilterSrcAddrMask Unsigned32,
frwkIpFilterDscp Integer32, frwkIpFilterDscp Integer32,
frwkIpFilterProtocol INTEGER, frwkIpFilterProtocol INTEGER,
frwkIpFilterDstL4PortMin INTEGER, frwkIpFilterDstL4PortMin INTEGER,
frwkIpFilterDstL4PortMax INTEGER, frwkIpFilterDstL4PortMax INTEGER,
frwkIpFilterSrcL4PortMin INTEGER, frwkIpFilterSrcL4PortMin INTEGER,
frwkIpFilterSrcL4PortMax INTEGER frwkIpFilterSrcL4PortMax INTEGER
} }
frwkIpFilterDstAddrType OBJECT-TYPE
SYNTAX InetAddressType
STATUS current
DESCRIPTION
"The address type enumeration value to specify the type of
the packet's destination IP address."
::= { frwkIpFilterEntry 1 }
frwkIpFilterDstAddr OBJECT-TYPE frwkIpFilterDstAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address to match against the packet's destination IP "The IP address to match against the packet's destination IP
address." address."
::= { frwkIpFilterEntry 1 } ::= { frwkIpFilterEntry 2 }
Framework Policy Information Base July 2000
frwkIpFilterDstAddrMask OBJECT-TYPE frwkIpFilterDstAddrMask OBJECT-TYPE
SYNTAX InetAddress SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A mask for the matching of the destination IP address. "The length of a mask for the matching of the destination
A zero bit in the mask means that the corresponding bit in IP address. Masks are constructed by setting bits in
the address always matches." sequence from the most-significant bit downwards for
frwkIpFilterDstAddrMask bits length. All other bits in the
mask, up to the number needed to fill the length of the
address frwkIpFilterDstAddr are cleared to zero. A zero bit
in the mask then means that the corresponding bit in the
address always matches."
::= { frwkIpFilterEntry 2 } ::= { frwkIpFilterEntry 3 }
Framework Policy Information Base September 2000
frwkIpFilterSrcAddrType OBJECT-TYPE
SYNTAX InetAddressType
STATUS current
DESCRIPTION
"The address type enumeration value to specify the type of
the packet's source IP address."
::= { frwkIpFilterEntry 4 }
frwkIpFilterSrcAddr OBJECT-TYPE frwkIpFilterSrcAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address to match against the packet's source IP "The IP address to match against the packet's source IP
address." address."
::= { frwkIpFilterEntry 3 } ::= { frwkIpFilterEntry 5 }
frwkIpFilterSrcAddrMask OBJECT-TYPE frwkIpFilterSrcAddrMask OBJECT-TYPE
SYNTAX InetAddress SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A mask for the matching of the source IP address." "The length of a mask for the matching of the source IP
address. Masks are constructed by setting bits in sequence
from the most-significant bit downwards for
frwkIpFilterSrcAddrMask bits length. All other bits in the
mask, up to the number needed to fill the length of the
address frwkIpFilterSrcAddr are cleared to zero. A zero bit
in the mask then means that the corresponding bit in the
address always matches."
::= { frwkIpFilterEntry 4 } ::= { frwkIpFilterEntry 6 }
frwkIpFilterDscp OBJECT-TYPE frwkIpFilterDscp OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..63) SYNTAX Integer32 (-1 | 0..63)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value that the DSCP in the packet can have and "The value that the DSCP in the packet can have and
match this filter. A value of -1 indicates that a specific match this filter. A value of -1 indicates that a specific
DSCP value has not been defined and thus all DSCP values DSCP value has not been defined and thus all DSCP values
are considered a match." are considered a match."
::= { frwkIpFilterEntry 5 } ::= { frwkIpFilterEntry 7 }
Framework Policy Information Base September 2000
frwkIpFilterProtocol OBJECT-TYPE frwkIpFilterProtocol OBJECT-TYPE
SYNTAX INTEGER (0..255) SYNTAX INTEGER (0..255)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP protocol to match against the packet's protocol. "The IP protocol to match against the packet's protocol.
A value of zero means match all." A value of zero means match all."
::= { frwkIpFilterEntry 6 } ::= { frwkIpFilterEntry 8 }
Framework Policy Information Base July 2000
frwkIpFilterDstL4PortMin OBJECT-TYPE frwkIpFilterDstL4PortMin OBJECT-TYPE
SYNTAX INTEGER (0..65535) SYNTAX INTEGER (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 destination "The minimum value that the packet's layer 4 destination
port number can have and match this filter." port number can have and match this filter."
::= { frwkIpFilterEntry 7 } ::= { frwkIpFilterEntry 9 }
frwkIpFilterDstL4PortMax OBJECT-TYPE frwkIpFilterDstL4PortMax OBJECT-TYPE
SYNTAX INTEGER (0..65535) SYNTAX INTEGER (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 destination "The maximum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or greater that the value specified for this be equal to or greater that the value specified for this
filter in frwkIpFilterDstL4PortMin." filter in frwkIpFilterDstL4PortMin."
::= { frwkIpFilterEntry 8 } ::= { frwkIpFilterEntry 10 }
frwkIpFilterSrcL4PortMin OBJECT-TYPE frwkIpFilterSrcL4PortMin OBJECT-TYPE
SYNTAX INTEGER (0..65535) SYNTAX INTEGER (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 source port "The minimum value that the packet's layer 4 source port
number can have and match this filter." number can have and match this filter."
::= { frwkIpFilterEntry 9 } ::= { frwkIpFilterEntry 11 }
frwkIpFilterSrcL4PortMax OBJECT-TYPE frwkIpFilterSrcL4PortMax OBJECT-TYPE
SYNTAX INTEGER (0..65535) SYNTAX INTEGER (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 source port "The maximum value that the packet's layer 4 source port
number can have and match this filter. This value must be number can have and match this filter. This value must be
equal to or greater that the value specified for this filter equal to or greater that the value specified for this filter
in frwkIpFilterSrcL4PortMin." in frwkIpFilterSrcL4PortMin."
::= { frwkIpFilterEntry 10 } ::= { frwkIpFilterEntry 12 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
-- --
-- The IEEE 802 Filter Table -- The IEEE 802 Filter Table
-- --
-- The IEEE 802 Filter Table supports the specification of IEEE -- The IEEE 802 Filter Table supports the specification of IEEE
-- 802-based (e.g., 802.3) information that is used to perform -- 802-based (e.g., 802.3) information that is used to perform
-- traffic classification. -- traffic classification.
-- --
skipping to change at page 30, line 5 skipping to change at page 31, line 5
frwk802FilterDstAddrMask, frwk802FilterDstAddrMask,
frwk802FilterSrcAddr, frwk802FilterSrcAddr,
frwk802FilterSrcAddrMask, frwk802FilterSrcAddrMask,
frwk802FilterVlanId, frwk802FilterVlanId,
frwk802FilterVlanTagRequired, frwk802FilterVlanTagRequired,
frwk802FilterEtherType, frwk802FilterEtherType,
frwk802FilterUserPriority } frwk802FilterUserPriority }
::= { frwk802FilterTable 1 } ::= { frwk802FilterTable 1 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
Frwk802FilterEntry ::= SEQUENCE { Frwk802FilterEntry ::= SEQUENCE {
frwk802FilterDstAddr PhysAddress, frwk802FilterDstAddr PhysAddress,
frwk802FilterDstAddrMask PhysAddress, frwk802FilterDstAddrMask PhysAddress,
frwk802FilterSrcAddr PhysAddress, frwk802FilterSrcAddr PhysAddress,
frwk802FilterSrcAddrMask PhysAddress, frwk802FilterSrcAddrMask PhysAddress,
frwk802FilterVlanId Integer32, frwk802FilterVlanId Integer32,
frwk802FilterVlanTagRequired INTEGER, frwk802FilterVlanTagRequired INTEGER,
frwk802FilterEtherType Integer32, frwk802FilterEtherType Integer32,
frwk802FilterUserPriority BITS frwk802FilterUserPriority BITS
skipping to change at page 31, line 5 skipping to change at page 32, line 5
frwk802FilterDstAddr value must also be masked using this frwk802FilterDstAddr value must also be masked using this
value prior to any comparisons. value prior to any comparisons.
The length of this object in octets must equal the length in The length of this object in octets must equal the length in
octets of the frwk802FilterDstAddr. Note that a mask with no octets of the frwk802FilterDstAddr. Note that a mask with no
bits set (i.e., all zeroes) effectively wildcards the bits set (i.e., all zeroes) effectively wildcards the
frwk802FilterDstAddr object." frwk802FilterDstAddr object."
::= { frwk802FilterEntry 2 } ::= { frwk802FilterEntry 2 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwk802FilterSrcAddr OBJECT-TYPE frwk802FilterSrcAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 MAC address against which the 802 MAC SA of "The 802 MAC address against which the 802 MAC SA of
incoming traffic streams will be compared. Frames whose 802 incoming traffic streams will be compared. Frames whose 802
MAC SA matches the physical address specified by this MAC SA matches the physical address specified by this
object, taking into account address wildcarding as specified object, taking into account address wildcarding as specified
by the frwk802FilterSrcAddrMask object, are potentially by the frwk802FilterSrcAddrMask object, are potentially
skipping to change at page 32, line 5 skipping to change at page 33, line 5
(i.e., traffic associated with this VID has not yet (i.e., traffic associated with this VID has not yet
been seen by the device) at the time this entry been seen by the device) at the time this entry
is instantiated. is instantiated.
Setting the frwk802FilterVlanId object to -1 indicates that Setting the frwk802FilterVlanId object to -1 indicates that
VLAN data should not be considered during traffic VLAN data should not be considered during traffic
classification." classification."
::= { frwk802FilterEntry 5 } ::= { frwk802FilterEntry 5 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwk802FilterVlanTagRequired OBJECT-TYPE frwk802FilterVlanTagRequired OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
taggedOnly(1), taggedOnly(1),
priorityTaggedPlus(2), priorityTaggedPlus(2),
untaggedOnly(3), untaggedOnly(3),
ignoreTag(4) ignoreTag(4)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 33, line 5 skipping to change at page 34, line 5
classification. classification.
Note that the position of the EtherType field depends on Note that the position of the EtherType field depends on
the underlying frame format. For Ethernet-II encapsulation, the underlying frame format. For Ethernet-II encapsulation,
the EtherType field follows the 802 MAC source address. For the EtherType field follows the 802 MAC source address. For
802.2 LLC/SNAP encapsulation, the EtherType value follows 802.2 LLC/SNAP encapsulation, the EtherType value follows
the Organization Code field in the 802.2 SNAP header. The the Organization Code field in the 802.2 SNAP header. The
value that is tested with regard to this filter component value that is tested with regard to this filter component
therefore depends on the data link layer frame format being therefore depends on the data link layer frame format being
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
used. If this 802 filter component is active when there is used. If this 802 filter component is active when there is
no EtherType field in a frame (e.g., 802.2 LLC), a match is no EtherType field in a frame (e.g., 802.2 LLC), a match is
implied." implied."
::= { frwk802FilterEntry 7 } ::= { frwk802FilterEntry 7 }
frwk802FilterUserPriority OBJECT-TYPE frwk802FilterUserPriority OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
matchPriority0(0), matchPriority0(0),
skipping to change at page 34, line 5 skipping to change at page 35, line 5
SYNTAX SEQUENCE OF FrwkFilterGroupDefnEntry SYNTAX SEQUENCE OF FrwkFilterGroupDefnEntry
PIB-ACCESS install,5 PIB-ACCESS install,5
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A class that defines Filter Groups. Each Group being an "A class that defines Filter Groups. Each Group being an
ordered list of filters. Each instance of this class ordered list of filters. Each instance of this class
identifies one filter of a group and the precedence order of identifies one filter of a group and the precedence order of
that filter with respect to other filters in the same that filter with respect to other filters in the same
group." group."
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
INSTALL-ERRORS { INSTALL-ERRORS {
priPrecedenceConflict(1) -- precedence conflict detected priPrecedenceConflict(1) -- precedence conflict detected
} }
::= { frwkClassifierClasses 4 } ::= { frwkClassifierClasses 4 }
frwkFilterGroupDefnEntry OBJECT-TYPE frwkFilterGroupDefnEntry OBJECT-TYPE
SYNTAX FrwkFilterGroupDefnEntry SYNTAX FrwkFilterGroupDefnEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkFilterGroupDefn class." "An instance of the frwkFilterGroupDefn class."
INDEX { frwkFilterGroupDefnPrid } PIB-INDEX { frwkFilterGroupDefnPrid }
UNIQUENESS { frwkFilterGroupDefnId, UNIQUENESS { frwkFilterGroupDefnId,
frwkFilterGroupDefnFilterId } frwkFilterGroupDefnFilterId,
frwkFilterGroupDefnFilterPrecedence }
::= { frwkFilterGroupDefnTable 1 } ::= { frwkFilterGroupDefnTable 1 }
FrwkFilterGroupDefnEntry ::= SEQUENCE { FrwkFilterGroupDefnEntry ::= SEQUENCE {
frwkFilterGroupDefnPrid PolicyInstanceId, frwkFilterGroupDefnPrid InstanceId,
frwkFilterGroupDefnId PolicyTagId, frwkFilterGroupDefnId TagId,
frwkFilterGroupDefnFilterId PolicyReferenceId, frwkFilterGroupDefnFilterId ReferenceId,
frwkFilterGroupDefnFilterPrecedence Unsigned32 frwkFilterGroupDefnFilterPrecedence Unsigned32
} }
frwkFilterGroupDefnPrid OBJECT-TYPE frwkFilterGroupDefnPrid OBJECT-TYPE
SYNTAX PolicyInstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Unique index of this policy rule instance." "Unique index of this provisioning instance."
::= { frwkFilterGroupDefnEntry 1 } ::= { frwkFilterGroupDefnEntry 1 }
frwkFilterGroupDefnId OBJECT-TYPE frwkFilterGroupDefnId OBJECT-TYPE
SYNTAX PolicyTagId SYNTAX TagId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An ID for this Filter Group. There will be one instance of "An ID for this Filter Group. There will be one instance of
the class frwkFilterGroupDefn with this ID for each the class frwkFilterGroupDefn with this ID for each
instance of the Base filter class in the Filter Group per instance of the Base filter class in the Filter Group per
role combination. role combination.
Note that this identifier is used in instances of the Note that this identifier is used in instances of the
Class that associate a Filter Group with an interface Class that associate a Filter Group with an interface
set and specific actions. An active Filter Group-Target set and specific actions. An active Filter Group-Target
association prohibits the deletion of all of the association prohibits the deletion of all of the
frwkFilterGroupDefn instances with a given frwkFilterGroupDefn instances with a given
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkFilterGroupDefnId (i.e., at frwkFilterGroupDefnId (i.e., at least one entry for the
least one entry for the specific frwkFilterGroupDefnId specific frwkFilterGroupDefnId must be present in this
must be present in this table) until the Filter Group-Target table) until the Filter Group-Target association is
association is terminated." terminated."
::= { frwkFilterGroupDefnEntry 2 } ::= { frwkFilterGroupDefnEntry 2 }
frwkFilterGroupDefnFilterId OBJECT-TYPE frwkFilterGroupDefnFilterId OBJECT-TYPE
SYNTAX PolicyReferenceId SYNTAX ReferenceId
PIB-REFERENCES {frwkBaseFilterEntry} PIB-REFERENCES {frwkBaseFilterEntry}
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute specifies the filter in the "This attribute specifies the filter in the
frwkBaseFilterTable that is in the Filter Group specified by frwkBaseFilterTable that is in the Filter Group specified by
frwkFilterGroupDefnId at the position specified by the frwkFilterGroupDefnId at the position specified by the
FilterPrecedence attribute. FilterPrecedence attribute.
Attempting to specify an unknown class instance will result Attempting to specify an unknown class instance will result
in an appropriate error indication being returned to the in an appropriate error indication being returned to the
skipping to change at page 36, line 5 skipping to change at page 37, line 5
A filter with a given precedence order is positioned in the A filter with a given precedence order is positioned in the
Filter group before one with a higher-valued Filter group before one with a higher-valued
precedence order. precedence order.
Precedence values within a group must be unique otherwise Precedence values within a group must be unique otherwise
instance installation will be prohibited and an error instance installation will be prohibited and an error
value will be returned." value will be returned."
::= { frwkFilterGroupDefnEntry 4 } ::= { frwkFilterGroupDefnEntry 4 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
-- --
-- Conformance Section -- Conformance Section
-- --
frwkBasePibConformance frwkBasePibConformance
OBJECT IDENTIFIER ::= { frameworkPib 4 } OBJECT IDENTIFIER ::= { frameworkPib 4 }
frwkBasePibCompliances frwkBasePibCompliances
OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 } OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
skipping to change at page 37, line 5 skipping to change at page 38, line 5
GROUP frwkBaseFilterGroup GROUP frwkBaseFilterGroup
DESCRIPTION DESCRIPTION
"The frwkBaseFilterGroup is mandatory if filtering "The frwkBaseFilterGroup is mandatory if filtering
based on traffic components is supported." based on traffic components is supported."
GROUP frwkIpFilterGroup GROUP frwkIpFilterGroup
DESCRIPTION DESCRIPTION
"The frwkIpFilterGroup is mandatory if filtering "The frwkIpFilterGroup is mandatory if filtering
based on IP traffic components is supported." based on IP traffic components is supported."
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
GROUP frwk802FilterGroup GROUP frwk802FilterGroup
DESCRIPTION DESCRIPTION
"The frwk802FilterGroup is mandatory if filtering "The frwk802FilterGroup is mandatory if filtering
based on 802 traffic criteria is supported." based on 802 traffic criteria is supported."
GROUP frwkFilterGroupDefnGroup GROUP frwkFilterGroupDefnGroup
DESCRIPTION DESCRIPTION
"The frwkFilterGroupDefnGroup is mandatory if "The frwkFilterGroupDefnGroup is mandatory if
filtering based on IP traffic components is filtering based on IP or 802 traffic components is
supported." supported."
::= { frwkBasePibCompliances 1 } ::= { frwkBasePibCompliances 1 }
frwkPrcSupportGroup OBJECT-GROUP frwkPrcSupportGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkPrcSupportSupportedPrc, frwkPrcSupportSupportedPrc,
frwkPrcSupportSupportedAttrs, frwkPrcSupportSupportedAttrs,
frwkPrcSupportMaxPris frwkPrcSupportMaxPris
} }
skipping to change at page 38, line 5 skipping to change at page 39, line 5
OBJECTS { OBJECTS {
frwkDeviceIdDescr, frwkDeviceIdDescr,
frwkDeviceIdMaxMsg, frwkDeviceIdMaxMsg,
frwkDeviceIdMaxContexts } frwkDeviceIdMaxContexts }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkDeviceIdTable." "Objects from the frwkDeviceIdTable."
::= { frwkBasePibGroups 3 } ::= { frwkBasePibGroups 3 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkCompLimitsGroup OBJECT-GROUP frwkCompLimitsGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkCompLimitsComponent, frwkCompLimitsComponent,
frwkCompLimitsTypeGlobal,
frwkCompLimitsType, frwkCompLimitsType,
frwkCompLimitsGuidance, frwkCompLimitsGuidance,
frwkCompLimitsSubType } frwkCompLimitsSubType }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkCompLimitsTable." "Objects from the frwkCompLimitsTable."
::= { frwkBasePibGroups 4 } ::= { frwkBasePibGroups 4 }
frwkIfCapSetGroup OBJECT-GROUP frwkIfCapSetGroup OBJECT-GROUP
skipping to change at page 39, line 5 skipping to change at page 40, line 5
frwkBaseFilterGroup OBJECT-GROUP frwkBaseFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkBaseFilterPermit frwkBaseFilterPermit
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkBaseFilterTable." "Objects from the frwkBaseFilterTable."
::= { frwkBasePibGroups 7 } ::= { frwkBasePibGroups 7 }
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
frwkIpFilterGroup OBJECT-GROUP frwkIpFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkIpFilterDstAddrType,
frwkIpFilterDstAddr, frwkIpFilterDstAddr,
frwkIpFilterDstAddrMask, frwkIpFilterDstAddrMask,
frwkIpFilterSrcAddrType,
frwkIpFilterSrcAddr, frwkIpFilterSrcAddr,
frwkIpFilterSrcAddrMask, frwkIpFilterSrcAddrMask,
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
frwkIpFilterDstL4PortMax, frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin, frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax frwkIpFilterSrcL4PortMax
} }
STATUS current STATUS current
skipping to change at page 40, line 5 skipping to change at page 41, line 5
frwkFilterGroupDefnFilterPrecedence frwkFilterGroupDefnFilterPrecedence
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkFilterGroupDefnTable." "Objects from the frwkFilterGroupDefnTable."
::= { frwkBasePibGroups 10 } ::= { frwkBasePibGroups 10 }
END END
Framework Policy Information Base July 2000 Framework Policy Information Base September 2000
6. Security Considerations 6. Security Considerations
The information contained in a PIB when transported by the COPS It is clear that this PIB is used for configuration using [COPS-PR],
protocol [COPS-PR] may be sensitive, and its function of and anything that can be configured can be misconfigured, with
provisioning a PEP requires that only authorized communication take potentially disastrous effect. At this writing, no security holes
place. The use of IPSEC between PDP and PEP, as described in have been identified beyond those that the COPS base protocol
[COPS], provides the necessary protection against these threats. security is itself intended to address. These relate primarily to
controlled access to sensitive information and the ability to
configure a device - or which might result from operator error,
which is beyond the scope of any security architecture.
7. Intellectual Property Considerations There are a number of provisioning classes defined in this PIB that
have a PIB-ACCESS clause of install (read-create). Such objects may
be considered sensitive or vulnerable in some network environments.
The support for "Install" decisions sent over [COPS-PR] in a non-
secure environment without proper protection can have a negative
effect on network operations. There are a number of provisioning
classes in this PIB that may contain information that may be
sensitive from a business perspective, in that they may represent a
customer's service contract or the filters that the service provider
chooses to apply to a customer's ingress or egress traffic. There
are no PRCs that are sensitive in their own right, such as passwords
or monetary amounts. It may be important to control even
"Notify"(read-only) access to these PRCs and possibly to even
encrypt the values of these PRIs when sending them over the network
via COPS-PR. Even if the network itself is secure (for example by
using IPSec), there is no control as to who on the secure network is
allowed to "Install/Notify" (read/change/create/delete) the PRIs in
this PIB. It is recommended that the implementers consider the
security features as provided by the COPS base protocol.
The IETF is being notified of intellectual property rights claimed It is then a customer/user responsibility to ensure that the PEP/PDP
in regard to some or all of the specification contained in this giving access to an instance of this PIB, is properly configured to
document. For more information consult the online list of claimed give access to the PRIs only to those principals (users) that have
rights. legitimate rights to indeed "Install" or "Notify" (change/create/
delete) them. The use of IPSEC between the PDP and the PEP, as
described in [COPS], provides the necessary protection against
security threats.
8. Author Information and Acknowledgments 7. Author Information and Acknowledgments
Michael Fine Michael Fine
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 527 8218 Phone: +1 408 527 8218
Email: mfine@cisco.com Email: mfine@cisco.com
Framework Policy Information Base September 2000
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 526 5260 Phone: +1 408 526 5260
Email: kzm@cisco.com Email: kzm@cisco.com
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
skipping to change at page 41, line 5 skipping to change at page 42, line 28
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com Email: jseligso@nortelnetworks.com
Kwok Ho Chan Kwok Ho Chan
Nortel Networks, Inc. Nortel Networks, Inc.
600 Technology Park Drive 600 Technology Park Drive
Billerica, MA 01821 USA Billerica, MA 01821 USA
Phone: +1 978 288 8175 Phone: +1 978 288 8175
Email: khchan@nortelnetworks.com Email: khchan@nortelnetworks.com
Framework Policy Information Base July 2000
Scott Hahn Scott Hahn
Intel Corp. Intel Corp.
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 264 8231 Phone: +1 503 264 8231
Email: scott.hahn@intel.com Email: scott.hahn@intel.com
Ravi Sahita Ravi Sahita
Intel Corp. Intel Corp.
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 712 1554 Phone: +1 503 712 1554
Email: ravi.sahita@intel.com Email: ravi.sahita@intel.com
Andrew Smith Andrew Smith
Fax: +1 415 345 1827 Fax: +1 415 345 1827
Email: ah_smith@pacbell.net Email: ah_smith@pacbell.net
Francis Reichmeyer Francis Reichmeyer
IPHighway Inc. PFN, Inc.
Parker Plaza, 16th Floor University Park at MIT
400 Kelby St. 26 Landsdowne Street
Fort-Lee, NJ 07024 Cambridge, MA 02139
Phone: (201) 585-0800 Phone: +1 617 494 9980
Email: FranR@iphighway.com Email: franr@pfn.com
Special thanks to Carol Bell and David Durham for their many Special thanks to Carol Bell and David Durham for their many
significant comments. significant comments.
9. References Framework Policy Information Base September 2000
8. References
[COPS] [COPS]
Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R., and Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R., and
A. Sastry, "The COPS (Common Open Policy Service) Protocol" A. Sastry, "The COPS (Common Open Policy Service) Protocol"
RFC 2748, January 2000. RFC 2748, January 2000.
[COPS-PR] [COPS-PR]
K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie, K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie,
F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage
for Policy Provisioning," draft-ietf-rap-pr-03.txt, for Policy Provisioning," draft-ietf-rap-pr-04.txt,
July 2000. August 2000.
[SPPI] [SPPI]
K. McCloghrie, et.al., "Structure of Policy Provisioning K. McCloghrie, et.al., "Structure of Policy Provisioning
Information," draft-ietf-rap-sppi-01.txt, July 2000. Information," draft-ietf-rap-sppi-02.txt, September 2000.
[POLICY]
M. Stevens, W. Weiss H. Mahon, B. Moore, J. Strassner,
G. Waters, A. Westerinen, J. Wheeler, "Policy Framework",
draft-ietf-policy-framework-00.txt, September 1999.
Framework Policy Information Base July 2000
[RAP-FRAMEWORK] [RAP-FRAMEWORK]
R. Yavatkar, D. Pendarakis, "A Framework for Policy-based R. Yavatkar, D. Pendarakis, "A Framework for Policy-based
Admission Control", RFC 2753, January 2000. Admission Control", RFC 2753, January 2000.
[SNMP-SMI] [SNMP-SMI]
K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose
and S. Waldbusser, "Structure of Management Information and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
Framework Policy Information Base July 2000 9. Full Copyright
Copyright (C) The Internet Society (2000). All Rights Reserved. This
document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Framework Policy Information Base September 2000
Table of Contents Table of Contents
Status of this Memo...............................................1 Status of this Memo...............................................1
1. Glossary......................................................2 1. Glossary.......................................................2
2. Introduction..................................................2 2. Introduction...................................................2
3. General PIB Concepts..........................................2 3. General PIB Concepts...........................................2
3.1. Roles.......................................................2 3.1. Roles........................................................2
3.1.1. An Example................................................4 3.1.1. An Example.................................................4
3.2. Multiple PIB Instances......................................5 3.2. Multiple PIB Instances.......................................5
3.3. Reporting of Device Capabilities............................6 3.3. Reporting of Device Capabilities.............................6
3.4. Reporting of Device Limitations.............................6 3.4. Reporting of Device Limitations..............................6
4. Summary of the Framework PIB..................................6 4. Summary of the Framework PIB...................................6
5. The Framework PIB Module......................................9 5. The Framework PIB Module.......................................9
6. Security Considerations......................................40 7. Author Information and Acknowledgments........................41
7. Intellectual Property Considerations.........................40 8. References....................................................43
8. Author Information and Acknowledgments........................40 9. Full Copyright................................................43
9. References...................................................41
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/